﻿/**
* Guard against XSS attacks
*/
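(function(E, $){

// Matches a javascript: scheme at the start of an already-normalised URL.
var re = /^javascript:/i,
	// Characters removed before the scheme test: every whitespace character
	// plus the C0 control range (U+0000-U+0020). Browsers drop leading
	// control characters and embedded tab/newline before reading the scheme,
	// and \s alone does not cover U+0001-U+0008 or U+000E-U+001F, so a value
	// such as "\x01javascript:..." would otherwise pass the test.
	ignorable = /[\s\u0000-\u0020]/g;

/**
 * Tells whether a URL attribute value is a javascript: URL once the
 * characters browsers ignore have been removed.
 *
 * @param {string} url Raw attribute value (non-empty).
 * @returns {boolean} true when the normalised value starts with "javascript:".
 */
function isScriptUrl( url ){
	return re.test( url.replace(ignorable, '') );
}

E.addFilter('xss', {
	/**
	 * Removes javascript: URLs from links and images of an editor document.
	 *
	 * An <a> whose href is a javascript: URL is replaced by its own inner
	 * HTML (the content stays, the link goes); an <img> whose src is a
	 * javascript: URL is removed. The document is modified in place.
	 *
	 * Scope: only a[href] and img[src] are inspected, and only the
	 * javascript: scheme is matched. Event-handler attributes, other
	 * elements and other schemes pass through this filter unchanged, so it
	 * cannot be the only sanitisation step for untrusted HTML.
	 *
	 * @param {Document} dom Document to clean; anything without a `body`
	 *     property is handed back untouched.
	 * @returns {*} `dom` on the early exit, nothing otherwise.
	 *     NOTE(review): the two paths return different things - confirm
	 *     which one the addFilter caller relies on.
	 */
	replace: function( dom ){
		// typeof null is 'object', so null must be rejected before dom.body is read.
		if( !dom || typeof dom !== 'object' || !dom.body ){ return dom; }

		$('a', dom).each(function(){
			var o = $(this), url = o.attr('href');
			if( !url ) return;
			if( isScriptUrl(url) ){
				// Unwrap the anchor. Images inside it are re-inserted here and
				// are still covered, because the img pass below queries the
				// document after this loop has finished.
				o.replaceWith( o.html() );
			}
		});

		$('img', dom).each(function(){
			var o = $(this), url = o.attr('src');
			if( !url ) return;
			if( isScriptUrl(url) ){
				o.remove();
			}
		});
	}
});


})(jQEditor, jQuery);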